Certificate Error for Exchange 2010
Hi,
I keep on getting this error when users open Outlook.
I am unsure how to test but the certificate was issued with the ngcpost2.gallery.ca
Could it be related that the PRT record points to *.gallery.ca? for some reason this was implemented by the webteam.
Thank you.
I keep on getting this error when users open Outlook.
I am unsure how to test but the certificate was issued with the ngcpost2.gallery.ca
Could it be related that the PRT record points to *.gallery.ca? for some reason this was implemented by the webteam.
Thank you.
Nick Rhode
create a record for ngcpost2.gallery.ca and that should clear it up.
Is it SAN certificate or single name ? if so, does it include ngcpost2.gallery.ca ?
ASKER
It's a single name. I am checking with the ISP atm to see whats our PTR record at.
I am also changing to a SAN or the SSL company also recommended a UCC cert.
Is one better then the other?
All I'm looking to do is add more names in the future to enable the auto-discovery etc...
Thx.
I am also changing to a SAN or the SSL company also recommended a UCC cert.
Is one better then the other?
All I'm looking to do is add more names in the future to enable the auto-discovery etc...
Thx.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For exchange server to work properly, you need a UCC certificate .
"For exchange server to work properly, you need a UCC certificate . "
Not true. It is perfectly possible to use Exchange with a single name certificate.
Given the failure messages I would expect that one of the host names in Exchange is wrong and the incorrect information is being returned by Autodiscover.
Go through them all using my guide here:
http://semb.ee/hostnames
Simon.
Not true. It is perfectly possible to use Exchange with a single name certificate.
Given the failure messages I would expect that one of the host names in Exchange is wrong and the incorrect information is being returned by Autodiscover.
Go through them all using my guide here:
http://semb.ee/hostnames
Simon.
you can follow below artical to suppress the AutoDiscover mismatch warning..
http://support.microsoft.com/kb/2783881
As per my undertanding you should add below host to your cert.
Autodiscover.domain.name
Host name of all CAS Server
comman URL for CAS Array.
Hope this will help.
http://support.microsoft.com/kb/2783881
As per my undertanding you should add below host to your cert.
Autodiscover.domain.name
Host name of all CAS Server
comman URL for CAS Array.
Hope this will help.
@ ssbms
Your information is wrong.
You don't include the CAS Array to the SSL certificate as the host name for the CAS Array should be unique to that function and should not resolve externally.
The host name of the CAS servers - again you cannot include internal names on SSL certificates that are dated past November 2014, the SSL providers will not let you.
You don't even have to include Autodiscover.example.com, you can use SRV records.
Supressing the Autodiscover record is also not a great answer - while possible, if the SSL certificate is done correctly, completely unnecessary.
Simon.
Your information is wrong.
You don't include the CAS Array to the SSL certificate as the host name for the CAS Array should be unique to that function and should not resolve externally.
The host name of the CAS servers - again you cannot include internal names on SSL certificates that are dated past November 2014, the SSL providers will not let you.
You don't even have to include Autodiscover.example.com, you can use SRV records.
Supressing the Autodiscover record is also not a great answer - while possible, if the SSL certificate is done correctly, completely unnecessary.
Simon.
ASKER
Hi all,
I have upgraded to a UCC certificate. Everything was going well until I enable the Autodiscovery in exchange and now I'm getting an error with the certificate mismatch now.
In the certificate I have added:
gallery.ca
autodiscovery.gallery.ca
ngcpost2.gallery.ca
Attached is the error. Now I know that autodiscover.gallery.ca is misstyped and I have change it but it still apprears.
I have upgraded to a UCC certificate. Everything was going well until I enable the Autodiscovery in exchange and now I'm getting an error with the certificate mismatch now.
In the certificate I have added:
gallery.ca
autodiscovery.gallery.ca
ngcpost2.gallery.ca
Attached is the error. Now I know that autodiscover.gallery.ca is misstyped and I have change it but it still apprears.
There is nothing attached.
"enable the Autodiscovery in exchange"
What exactly do you mean by that, as it is not something that you can enable/disable.
Have you changed Exchange to use the host names on the SSL certificate and verified that they resolve internally to the correct place?
Simon.
"enable the Autodiscovery in exchange"
What exactly do you mean by that, as it is not something that you can enable/disable.
Have you changed Exchange to use the host names on the SSL certificate and verified that they resolve internally to the correct place?
Simon.